Equifax reportedly suffered a hack earlier than disclosed – CNET

Equifax confirmed it suffered an “incident” in March that led to its hiring cybersecurity firm Mandiant, a specialist in resolving data breaches

Getty Images

Equifax may have suffered a data breach several months before the date it disclosed earlier this month for the massive hack that exposed the personal financial information for roughly half the US population.

Equifax detected a major breach of its computer network in March, Bloomberg reported Monday. That hack would have come nearly five months before a months-long hack exposed a treasure trove of financial data from as many as 143 million people in the US, including names, Social Security numbers, birth dates and addresses of customers.

Equifax has said it learned about that breach on July 29, but the hack wasn’t publicly revealed for more than a month.

On Monday, Equifax confirmed it suffered an “incident” in March that led to its hiring cybersecurity firm Mandiant, a specialist in resolving data breaches. But it denied the March incident was related to the massive hack revealed earlier this month.

“Equifax complied fully with all consumer notification requirements related to the March incident,” an Equifax spokesperson said in a statement. “The two events are not related.”

The company has been under intense scrutiny since the hack was revealed on Sept. 7. A pair of influential US senators have sent a letter to Equifax CEO Rick Smith demanding details about the hack, including information about when authorities and board members were informed of the hack.

They specifically want to know details of nearly $1.8 million in stock sales made by Equifax executives, including the company’s chief financial officer, three days after the breach was discovered and several weeks before it was made public.

The US Justice Department has reportedly opened a criminal investigation into the stock sales.

Equifax said last week the hack was made possible by a months-old but apparently unpatched web server vulnerability. Patches were made available for the flaw in mid-March, but it’s unclear why the flaw still existed on Equifax’s servers in mid-May.

On Friday, the company said Chief Security Officer Susan Mauldin and Chief Information Officer David Webb would be “retiring,” effective immediately.

The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.